mirror/openvpn-install
1
0
Fork 0
mirror of https://github.com/Nyr/openvpn-install.git synced 2025-04-06 06:03:30 +03:00
Code Issues Projects Releases Wiki Activity
142 commits 1 branch 0 tags 1.2 MiB
Commit graph

142 commits

This branch
This branch
All branches
Author SHA1 Message Date
bh
bf8fe91402 readme change 2019-06-11 17:31:05 +08:00
bh
345cf93391 add debian auto install libsodium 2019-06-11 17:07:00 +08:00
bh
59c0cd22b6 gen dh.pem 2019-06-11 17:04:05 +08:00
bh
c3a75a8bb6 update 2019-06-11 17:02:40 +08:00
bh
d23c5e5b63 custom port add 2019-06-10 10:03:56 +08:00
bh
9a7a4ecd52 fix windows 10 "read tcp_client unknown error (code=10060) windows 10" drop connection bug 2019-06-10 01:19:48 +08:00
bh
ab12f7c41f update note 2019-06-09 01:22:53 +08:00
bh
cb487249a7 update 2019-06-09 00:48:35 +08:00
bh
a34827d9b8 update 2019-06-09 00:45:48 +08:00
bh
ce96e4bf94 add executable permissions 2019-06-09 00:35:54 +08:00
bh
32221ab2f2 change readme 2019-06-09 00:32:13 +08:00
bh
24fd8cbcc4 change lan ip set 2019-06-09 00:24:39 +08:00
bh
ce1f180026 change cipher type 2019-06-09 00:08:56 +08:00
Nyr
a6048d509f Switch to systemd for iptables configuration 
See #464.
 2019-06-07 16:17:14 +02:00
Nyr
510f9e1bf8 Remove support for old init systems 
It was broken since b3953963ba anyway.
 2019-05-24 14:47:02 +02:00
Nyr
d4efae3b10 Revert "Update to easy-rsa v3.0.6" 
This reverts commit 43ccc5fd1c.
 2019-04-24 16:52:47 +02:00
Nyr
0ce2775a3a
Update README.md 2019-03-21 14:33:37 +01:00
Nyr
43ccc5fd1c Update to easy-rsa v3.0.6 2019-02-02 13:21:30 +01:00
Nyr
456fbf189d Cleaner .ovpn files 2018-12-15 21:26:14 +01:00
Nyr
c90989a0e2 Use a predefined DH group 
This is way faster than generating our own, see #532.
 2018-10-20 14:52:24 +02:00
Nyr
6e21afcdda Update to easy-rsa v3.0.5 2018-09-25 15:20:15 +02:00
Sidd
22adb31b2e Disable compression to mitigate VORACLE (#509) 2018-08-28 14:18:58 +02:00
Nyr
cc81838501 Revert "Improve iptables configuration" 
This reverts commit fdc2bfbdac.
 2018-06-14 22:40:45 +02:00
Nyr
fdc2bfbdac Improve iptables configuration 
See #464.
 2018-06-08 17:46:09 +02:00
Nyr
b3953963ba Switch from /etc/sysctl.conf to systemd-sysctl 2018-06-08 16:07:49 +02:00
Nyr
6061a29028 Small UX improvements 2018-05-10 17:24:43 +02:00
Nyr
5b9f3b62b8
Merge pull request #460 from Kcchouette/patch-1 
Fixes a typo.
 2018-05-03 14:26:22 +02:00
Kcchouette
269551c25f
Update openvpn-install.sh 2018-05-03 11:03:15 +02:00
Nyr
d717353769 Cleanup 
- SELinux in CentOS already has rules for both udp/1194 and tcp/1194,
so the protocol check was not needed.
- Remove unneeded arguments from some grep and rm commands.
 2018-04-26 15:10:18 +02:00
Nyr
83234ddae4 Improve NAT detection 
Cleaner and better:
- Not relying in an external service
- Avoids a false positive when the server has multiple public IPv4
addresses and the user selects one which is not the default gateway
 2018-04-21 21:06:41 +02:00
Nyr
ff254aeb1e General cleanup 2018-04-21 20:41:16 +02:00
Nyr
cb28b57e09 Remove wget dependency in CentOS 
curl is always included with CentOS and wget is always included with
Debian/Ubuntu. So it was useless to install wget in CentOS like we were
doing for those cases when it wasn't already installed. Now curl will
be used instead.
 2018-04-19 21:25:18 +02:00
Nyr
2726a148ee Remove IP address detection fallback 
It was never used, the one-liner is enough.
 2018-04-19 21:00:58 +02:00
Nyr
cb2a5b8028 Clarify NAT configuration dialog 
Closes #451.
 2018-04-16 17:53:48 +02:00
Nyr
e73503054e Update DNS list 
Added 1.1.1.1 and removed two mostly unpopular choices.

Currently discarded services are: Yandex, Neustar, NTT, HE, Quad9 and
Freenom World. The list was starting to get too big.
 2018-04-04 17:28:09 +02:00
Nyr
30636c7bf6 Update README.md 2018-04-04 17:27:00 +02:00
Nyr
33452242a1 Fix system resolvers option for environments running systemd-resolved 2018-01-21 18:21:53 +01:00
Nyr
886f32c2da Update README.md 2018-01-21 17:55:00 +01:00
Nyr
02d634437b Update to easy-rsa v3.0.4 2018-01-21 17:54:33 +01:00
Nyr
0397827abe Resolves #353 2017-09-11 18:53:49 +02:00
Nyr
8f881565b7 Update to easy-rsa v3.0.3 2017-08-29 17:56:46 +02:00
Nyr
9c0579052f Fix #352 
Set EASYRSA_CRL_DAYS to 3650 instead of the default 180.

OpenVPN 2.4+ enforces the nextUpdate value in the CRL as a hard limit,
and will not work if more than 6 months passed since it was generated.
 2017-08-29 17:55:14 +02:00
Nyr
b2d8c73e1b Debian 9 compatibility and small bug fixes 
- Removed Debian 9 compatibility warning
- openvpn-blacklist is no longer uninstalled on removal
- Improvement: removal of /usr/share/doc/openvpn* hasn't been needed
for years
- Fixed: live iptables removal was failing for Debian since
6d51476047
 2017-06-20 19:19:10 +02:00
Nyr
82776145f2 Add temporal warning for Debian Stretch users 2017-06-18 17:58:53 +02:00
Nyr
c0f0d47a64 Upgrade HMAC digest algorithm to SHA-512 
This was long overdue for compatibility reasons. My decision to force
the upgrade now, has been made following recomendations published in
the OpenVPN 2.4 audit performed by Cryptography Engineering LLC.
 2017-06-04 13:16:57 +02:00
Nyr
bcca288029 Offer updated 2017-05-30 15:15:14 +02:00
Nyr
6d51476047 Enable internal networking 
See #299.
 2017-04-27 14:46:34 +02:00
Nyr
28f238bc43 Fix #284 2017-03-31 13:52:08 +02:00
Nyr
0d1db4608f Fix #280 2017-03-29 01:01:51 +02:00
Nyr
c94bc5e3b4 Multiple firewall bug fixes 
- When FirewallD is detected, NAT is now applied via FirewallD instead
of iptables (fixes #267).
- iptables REJECT/DROP/ACCEPT rules where not being properly detected.
- iptables rules were applied even when FirewallD was detected and the
same rules were being applied via firewall-cmd.
 2017-03-23 18:11:35 +01:00